Do we need a Risk Register for ISO 9001:2015

Z

zoolieu

#1
It appears that a "risk register" is not required for ISO 9001:2015.
We always post issues, situations, risks, concerns and potential problems on a large dry erase board so that the issues do not get forgotten.
Would it also be necessary to draft a register to house these risks and resolutions in?
We have our audit in 3 weeks.
On a side note - we are a distributor (not MFG) and very small company of 5
 
Elsmar Forum Sponsor

BoardGuy

Quite Involved in Discussions
#2
Although 6.1 specifies that the organization shall plan action to address risk there is:

a) No requirement for formal methods for risk management
b) No requirement to document risk management process
c) No requirement to retain documented information as evidence of determination of risks.

This part of the Standard has developed in to a cottage industry of risk based thinking gurus that could lead you in to performing FMEAs for all process. We developed a simple spreadsheet that addresses both Section 4 and 6.1 requirements. Our spreadsheet looks at:

a) Interested parties and their reason for interest
b) Internal issues of concern
c) External issues of concern
e) Organizational risks and how they are addressed

In the end you should not just create something to address 6.1. You should develop needed information that is helpful to top management and the organization.
 
Z

zoolieu

#3
Thank you kindly for the clear and well drafted response.
May I ask where you house this spreadsheet so that it is accessible to all?
 

Kronos147

Trusted Information Resource
#4
At our shop, we found something we already capture, NCR's, in our NCR log, and added an NCR classification, Risk.

We look to see what methods we already have and expand upon them as opposed to develop new processes.

We also have a quote review checklist. We added a section to document Risks.

We have a process to qualify vendors and issue PO's. We integrated risk management.
 

BoardGuy

Quite Involved in Discussions
#5
Thank you kindly for the clear and well drafted response.
May I ask where you house this spreadsheet so that it is accessible to all?
[FONT=&quot]Sorry, I cannot provide because it is consider to be a proprietary document of my employer.[/FONT][FONT=&quot][/FONT]
 
Z

zoolieu

#6
I apologize - I wasn't asking to view the doc - just where do you keep in your company so that it is accessible? In a binder? On a shared drive?
 

Jim Green

Involved In Discussions
#7
I apologize - I wasn't asking to view the doc - just where do you keep in your company so that it is accessible? In a binder? On a shared drive?
I am not an expert, but I would keep it in an electronic folder. Then present hard copy during Mgr Review. That way it's covered.

In my experience, the more you have presented in Mgr Review, the more efficient and easy your external/3rd party audits tend to be.

I am going to start off very simple at first. Trying to capture major processes, and see how it goes.
 
Z

zoolieu

#8
So - I have a bit to add that I hope will deem helpful.
You do NOT have to have a "register" per se, but you do need to have a MR, so that all has to be integrated. We have a large dry erase board that I have divided up by sections that have risk: shipping, purchasing, etc. We toss up issues as they arise, discuss and manage in the meetings and then keep a running "risk register" Just excel doc - on a shared folder for reviewing and history. Hope that works!
 

Mark Meer

Trusted Information Resource
#9
We have a large dry erase board that I have divided up by sections that have risk: shipping, purchasing, etc. We toss up issues as they arise, discuss and manage in the meetings and then keep a running "risk register" Just excel doc - on a shared folder for reviewing and history. Hope that works!
I would strongly suggest moving this activity to a shared document/spreadsheet, instead of a dry-erase board. ISO requirements aside, I think it's important to have some lasting record of activities you do... it makes it easier to look back later and make decisions based on past activities.

Google Docs is a good possibility as it is free, any number of people can collaborate simultaneously, and revision histories are maintained.

If people are at their computers daily, you could set it to people's home-page, thus (more-or-less) ensuring that everyone sees it daily...
 

dsanabria

Quite Involved in Discussions
#10
[FONT=&quot]Sorry, I cannot provide because it is consider to be a proprietary document of my employer.[/FONT][FONT=&quot][/FONT]
You could do a "PM" Private Message and not make your documentation to the whole world - thus not violating proprietary laws because no one will know or find out. :cool:
 
Thread starter Similar threads Forum Replies Date
R The term "Benefit Risk Ratio" in EU MDR, do I need to present benefit risk analysis as a RATIO Risk Management Principles and Generic Guidelines 1
M Informational FDA Panel: Too early to pull textured breast implants over cancer risk, need more data Medical Device and FDA Regulations and Standards News 0
V How to Publish/Convince Stake Holders about need/utility of Risk Management Systems FMEA and Control Plans 6
S Do HF Accessories need to perform a Risk Management Process of 60601-1:2005? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
D PA, CA and Risk-Based Decision Making - Need Input Preventive Action and Continuous Improvement 7
W Need risk acceptance policy/criteria ISO 14971 - Medical Device Risk Management 3
A ISO14971:2001 - Risk Management for Medical Devices - Help need copy ISO 14971 - Medical Device Risk Management 10
R Reduce the need for authorisation of low risk changes Document Control Systems, Procedures, Forms and Templates 3
A Brexit When does the UK responsible person need to be in place? UK Medical Device Regulations 10
R Do we need issue ECN (Engineering Change Notice) towards updated Material Specification? Design and Development of Products and Processes 2
N IPC-A-630 - Is this free or do i really need to pay for it? Manufacturing and Related Processes 3
C ISO/ IEC 17021 Resource requirement (need help) Document Control Systems, Procedures, Forms and Templates 5
P Need a programmer for QVI's VMS software for optical inspection machine Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
silentmonkey How to decide what characteristics need to be verified during incoming inspection? ISO 13485:2016 - Medical Device Quality Management Systems 5
D Change Approval Requirements - Does every change need formal customer approval? Design and Development of Products and Processes 17
T Do I need a qualified compiler for class B software? IEC 62304 - Medical Device Software Life Cycle Processes 3
E 13485:2016, Sections 4.1.6, 7.5.6 and 7.6 - Validation of Software - Need some Advice please ISO 13485:2016 - Medical Device Quality Management Systems 3
C ISO 13485 :2016 - CAPA - Does every CAPA need to be checked by regulations? ISO 13485:2016 - Medical Device Quality Management Systems 9
L Proof of Concept Studies - Do we need to comply with SAE reporting? Medical Device and FDA Regulations and Standards News 3
gunnyshore Adding a new facility - do I need to submit an amendment to the MDL or MDEL, or both? Canada Medical Device Regulations 3
N FDA UDI - Label vs. Labeling - Does the insert need to include UDI? Other US Medical Device Regulations 1
SocalSurfer AS9100 new certificate, but need QMS software, help Quality Assurance and Compliance Software Tools and Solutions 2
A Demonstration of Equivalence - Need for comparing biological characteristics for an SamD EU Medical Device Regulations 1
G Need to change KPI we called NC parts (maximum 3%.) to FTQ (first time quality) IATF 16949 - Automotive Quality Systems Standard 4
W Need for current design or process control FMEA and Control Plans 2
L Turkish Requirements - Does the Software need to be translated? CE Marking (Conformité Européene) / CB Scheme 2
J Need for a cleanroom in the manufacture of a medical device for a clinical trial EU Medical Device Regulations 4
S Need help with analysing a survey on minitab Using Minitab Software 1
M IATF 16949 8.5.1.3 Verification of job set-ups - Do we need secondary check? IATF 16949 - Automotive Quality Systems Standard 7
P Electrosurgical Device User Need: Cord Flexibility -> Requirement Other Medical Device and Orthopedic Related Topics 4
P Do I need to get registered or have German entity to sell IVD products in Germany? CE Marking (Conformité Européene) / CB Scheme 2
J Documentation structure - Do I need Work Instructions? Document Control Systems, Procedures, Forms and Templates 23
G Need resources / tutorials about OPS (Operation) for ISO IT (Information Technology) Service Management 8
D Do non-IATF customers need to be included in audit scope? IATF 16949 - Automotive Quality Systems Standard 23
M Do you need an Applicable general safety and performance requirements Checklist? EU Medical Device Regulations 2
Y Does Solidworks (2D/3D drafting modules) need validation? Other Medical Device and Orthopedic Related Topics 5
M Do we need to create a new CER or can we just update the existing CER EU Medical Device Regulations 3
K A proposal for the model Quality Management - I need help for the project ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
B Record Management - Does the QMS need to control templates of records? Records and Data - Quality, Legal and Other Evidence 17
Q Need clarification on requirements.... Class i, gmp & 510(k) exempt Medical Device and FDA Regulations and Standards News 12
U Do we need clinical trial data for Class IIa medical device under MDR EU Medical Device Regulations 7
G Do we need to QA cert? We only plan to supply reagents Medical Device and FDA Regulations and Standards News 3
I MSA requirement for 5 Micrometers + CP changes need customer approval? IATF 16949 - Automotive Quality Systems Standard 2
R Evaluating the need for preventive action Preventive Action and Continuous Improvement 3
R Probability - Need a help to solve the below question Statistical Analysis Tools, Techniques and SPC 5
E In need of a new TGA sponsor - Small software company Other Medical Device Regulations World-Wide 4
8 Need Help - Runout - Function Gage Inspection, Prints (Drawings), Testing, Sampling and Related Topics 7
B Need For BIS Standard Mark? Imported OEM's Power supply,Li-Ion Battery Other Medical Device Regulations World-Wide 0
F How many signatures do we need on calibration certificates? ISO 17025 related Discussions 8
B We need a QMS: file-based templates or software Other Medical Device Related Standards 23

Similar threads

Top Bottom